<?php
// +----------------------------------------------------------------------
// | ThinkPHP
// +----------------------------------------------------------------------
// | Copyright (c) 2008 http://thinkphp.cn All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: liu21st <liu21st@gmail.com>
// +----------------------------------------------------------------------
// $Id$

/**
 +------------------------------------------------------------------------------
 * 访问决策管理器
 +------------------------------------------------------------------------------
 * @category   ORG
 * @package  ORG
 * @subpackage  RBAC
 * @author    liu21st <liu21st@gmail.com>
 * @version   $Id$
 +------------------------------------------------------------------------------
 */
class AccessDecisionManager extends Base{

    public $roleTable;
    public $roleAccessTable;
    public $roleNodeTable;


    /**
     +----------------------------------------------------------
     * 架构函数
     *
     +----------------------------------------------------------
     * @static
     * @access public
     +----------------------------------------------------------
     */
    public function __construct()
    {
        import("Think.Db.Db");
        $this->roleTable = C('DB_PREFIX').'role';
        $this->roleUserTable  =  C('DB_PREFIX').'user';
        $this->roleAccessTable=   C('DB_PREFIX').'access';
        $this->roleNodeTable    =   C('DB_PREFIX').'node';
    }

    /**
     +----------------------------------------------------------
     * 决策认证
     * 检查是否具有当前的操作权限
     +----------------------------------------------------------
     * @param integer $authId 认证id
     * @param string $app 项目名
     * @param string $module 模块名
     * @param string $action 操作名
     +----------------------------------------------------------
     * @access public
     +----------------------------------------------------------
     * 2009.07.19 Huangruhua 此方法未被使用
     *
     */
    public function decide($role,$app=APP_NAME,$module=MODULE_NAME,$action=ACTION_NAME)
    {
        //决策认证号是否具有当前模块权限
        $db     =   DB::getInstance();
        $sql    =   "select role.name from ".
                    $this->roleTable." as role,".
                    $this->roleUserTable." as usr,".
                    $this->roleAccessTable." as access ,".
                    $this->roleNodeTable." as node ".
                    "where b.usr={$authId} and b.role=a.name and ( c.role=a.name  or (c.role=a.pid and a.pid!=0 ) )  and c.groupId=a.id and c.nodeId=d.id and ( (d.name='".$module."' and d.level=2) or ( d.name='".$action."' and d.level=3 ) or ( d.name='".$app."' and d.level=1) )";
        $rs =   $db->query($sql);
        if($rs->count()>0) {
            return true;
        }else {
            return false;
        }
    }

    /**
     +----------------------------------------------------------
     * 取得当前认证号的所有权限列表
     +----------------------------------------------------------
     * @param string $appPrefix 数据库前缀
     +----------------------------------------------------------
     * @access public
     +----------------------------------------------------------
     */
    public function getAccessList($roleName){
        $db     =   DB::getInstance();
        $sql    =   "select node.id,node.name,node.pid,node.level from ".
                    $this->roleAccessTable." access left join ".
                    $this->roleNodeTable." node on node.id=access.nodeId ".
                    "where access.role='{$roleName}' order by node.level asc,node.pid";
        $nodes =   $db->query($sql);
        $access=array();
        if(is_array($nodes)){
            $nodesMapping=array();
            foreach($nodes as $node){
                if($node['level']!='3' && false===array_key_exists($node['id'],$nodesMapping)){
                    $node['name']=strtoupper($node['name']);
                    $nodesMapping[$node['id']]=$node;
                }else{
                    //action处理
                    $moduleNode=$nodesMapping[$node['pid']];
                    $appNode=$nodesMapping[$moduleNode['pid']];
                    $access[$appNode['name']][$moduleNode['name']][strtoupper($node['name'])]=$node['id'];
                }
            }
        }
        return $access;
    }

    // 读取模块所属的记录访问权限
    public function getModuleAccessList($roleName,$module) {
        // 读取模块权限
        $db     =   DB::getInstance();
        $sql    =   "select c.nodeId from ".
                    $this->roleTable." as a,".
                    $this->roleUserTable." as b,".
                    $this->roleAccessTable." as c ".
                    "where b.userId={$authId} and b.groupId=a.id and ( c.groupId=a.id  or (c.groupId=a.pid and a.pid!=0 ) ) and a.status=1 and  c.module='{$module}' and c.status=1";
        $rs =   $db->query($sql);
        $access =   array();
        foreach ($rs as $node){
            $node   =   (array)$node;
            $access[]   =   $node['nodeId'];
        }
        return $access;
    }
}//类定义结束
?>